[THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!

• From: "Jim Kenzig http://ThinHelp.com" <jkenzig@xxxxxxxxx>
• To: thin@xxxxxxxxxxxxx, windows2000@xxxxxxxxxxxxx
• Date: Tue, 3 Jan 2006 08:40:13 -0800 (PST)

While W2K..98, 95 etc could be affected I would reccomend only installing fix 
or being concerned about Windows 2003 and XP systems as Microsoft did not have 
a native viewer installed for WMF (the fax and picture viewer) until those 
OS's.  
 
Sans has posted a fix at http://isc.sans.org/     
http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi specifically if you are 
truly concerned until MS releases one.  
There is also an article here
http://blogs.pcworld.com/tipsandtweaks/archives/001162.html
 
Gibson's explanation/download page regarding the fix is at:
 
http://www.grc.com/sn/notes-020.htm
 
Jim


----- Original Message ----
From: "Nikolic, Aleks" <
To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
Sent: Monday, January 02, 2006 8:59:07 AM
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround 
if you have a Windows 2003 server!


Matthew,
 
Better late then never but it seems W2K is also affected:
http://www.microsoft.com/technet/security/advisory/912840.mspx




Van: Matthew Shrewsbury [mailto:] 
Verzonden: vrijdag 30 december 2005 15:36
Aan: thin@xxxxxxxxxxxxx
Onderwerp: [THIN] Re: Alert: Zero day exploit...I suggest you do this 
workaround if you have a Windows 2003 server!


Out Citrix servers are Win2K so I think we are ok. However we have a lot of fat 
XP clients I'm working on.
 
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Jim Kenzig http://ThinHelp.com
Sent: Friday, December 30, 2005 9:32 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround 
if you have a Windows 2003 server!
 
That's what I'm here for. : )  Hope the list is quiet because everyone is 
busily patching their servers with the workaround and not Out of the office. 
Jim

----- Original Message ----
From: Matthew Shrewsbury <
To: thin@xxxxxxxxxxxxx
Sent: Friday, December 30, 2005 9:27:10 AM
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround 
if you have a Windows 2003 server!
Thanks for the info!
 
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Jim Kenzig http://ThinHelp.com
Sent: Friday, December 30, 2005 8:53 AM
To: windows2000@xxxxxxxxxxxxx; thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround 
if you have a Windows 2003 server!
 
More on this from Larry Seltzer...
http://www.eweek.com/article2/0,1895,1906513,00.asp
 


----- Original Message ----
From: Jim Kenzig http://ThinHelp.com <
To: windows2000@xxxxxxxxxxxxx; thin@xxxxxxxxxxxxx
Sent: Friday, December 30, 2005 8:20:39 AM
Subject: Re: Alert: Zero day exploit...I suggest you do this workaround if you 
have a Windows 2003 server!
Microsoft's security advisory out on this attack:
http://www.microsoft.com/technet/security/advisory/912840.mspx
JK

----- Original Message ----
From: Jim Kenzig http://ThinHelp.com
To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx
Sent: Thursday, December 29, 2005 5:43:06 PM
Subject: [windows2000] Alert: Zero day exploit...I suggest you do this 
workaround if you have a Windows 2003 server!
See
http://www.eweek.com/article2/0,1895,1906210,00.asp
 
The workaround is:
A workaround called REGSVR32 has been posted and was included in Microsoft's 
advisory. The workaround is as follows, as quoted from the advisory: 
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) 
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" 
(without the quotation marks), and then click OK. 
2. A dialog box appears to confirm that the un-registration process has 
succeeded. 
  Click OK to close the dialog box. 
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be 
started when users click on a link to an image type that is associated with the 
Windows Picture and Fax Viewer. 
 
Jim Kenzig
http://thinhelp.com
 

• References:
  • [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
    • From: Nikolic, Aleks

Other related posts:

• » [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
• » [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
• » [THIN] Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
• » [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
• » [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
• » [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
• » [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!
• » [THIN] Re: Alert: Zero day exploit...I suggest you do this workaround if you have a Windows 2003 server!

1. Home
2. thin
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---